Amazon Security Engineer Offensive Penetration Testing 

United States, New York 

377080893

Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. You will demonstrate resilience and navigate ambiguous situations with composure and tact. You will be expected to provide thought leadership for the organization as you discover, invent, and innovate throughout the course of your duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.Key job responsibilities
* Conducting high quality application penetration tests independently, or as part of a team
* Creating detailed engagement plans and thoroughly documenting findings, gaps, and remediation recommendations
* Contributing to team tooling, innovation, and improvements
* Communicating and collaborating with partner teams, service owners, Information Security, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Training & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life Balance

- Bachelor’s degree in Computer Science or related field, or equivalent industry experience with threat modeling, design review, or other threat analysis techniques
- 1+ years of experience in a penetration testing or information security role
- 1+ years of professional experience with security engineering practices, including: web application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines
- 1+ years of experience with dynamic and manual code auditing to identify security issues
- 1+ years of experience with interpreted or compiled languages (e.g. Python, Ruby, C/C++, Java, .NET)